Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

Scammers spotted using unique DNS scam to target Aussie victims

A threat actor known as Savvy Seahorse is tricking victims into thinking they’re investing in a legitimate company before transferring funds to a Russian account.

user icon David Hollingworth
Thu, 29 Feb 2024
Scammers spotted using unique DNS scam to target Aussie victims
expand image

Researchers at IT security firm Infoblox have discovered an investment scam operation that is abusing functionality within the domain name system (DNS) to trick its victims.

The operation – somewhat whimsically dubbed Savvy Seahorse – uses DNS canonical name records, or CNAME, to set up its own traffic distribution system. With this TDS, the scammers update the IP address of their campaign infrastructure on the fly, making it easier for the campaign to evade detection.

The scammers also use this technique to rapidly scale up campaigns, running multiple scams for between 10 to 15 days and switching them on and off as required.

============
============

The scams themselves offer easy investment and fast returns, with companies such as Meta and Tesla often using familiar branding and designs. However, once a victim invests funds, the money is quickly transferred to a Russian bank.

The scammers are broad in their targeting, going after not just victims in Australia and New Zealand but also around the world – even operating in a range of languages, such as Russian, Polish, and Italian, among others. Curiously, one feature of the scam’s TDS is that it can geofence its victims. In this case, the scammers exclude victims from Ukraine and several other countries.

Renée Burton, Infoblox’s head of threat intelligence and a former senior executive with the US National Security Agency (NSA), believes Australians a ripe target for such operations.

“Australia and New Zealand have high disposable income per capita, and there are many mum and dad investors looking to play the market,” Burton said in a statement.

“Threat actors like Savvy Seahorse see opportunity in this, and the advent of social media advertising gives these cyber criminals a cheap and easy way to flaunt their scam websites to millions of people. The old adage of ‘if it seems too good to be true ...’ is important to remember. Knowing that criminals are out to steal from everyone, we all need to be extra vigilant when investing money or giving financial credentials through websites.”

David Hollingworth

David Hollingworth

David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.